How to
Jonathan Crowe
May 2016

5 Mistakes that Lead to Wasting Money on Security Software You Don't Need


This post is a preview of our new Endpoint Security Buyer's Guide, which you can download here. I'd love to hear your feedback, so take a look then come back and let me know what you think in the comments below.

Cybersecurity budgets may be growing (Gartner estimates global spending will surpass $100 billion in 2018), but that doesn't mean you have money (or credibility) to waste on the wrong tools. One thing that's never fun is having to go back to your boss to explain why that product you fought so hard for wasn't what you actually needed. That's not exactly the best opening argument for why he or she should feel confident you've found the right solution this time around. 

In order to avoid that unpleasant conversation altogether, it's best to be picky. To help you get all the information you need to make a smart buying decision the first time around, here are five common mistakes to avoid, with illustrative examples featuring the world's worst Dodge Durango salesman, Ron Burgundy.

Mistake #1: Letting vendors define your top security needs for you  

Lesson from Ron: What's important to a vendor may or may not be the most important thing for you. 

Most security vendors are all too happy to tell customers what features are important to look for in a product (hint: it's usually the ones they offer). The trouble, of course, is that when you’re a hammer, every problem looks like a nail.

Rather than get caught up in vendor jargon and buzzwords (who needs 25 "MPGs"?) and follow them down their respective rabbit holes, a better approach is to focus on your own specific security needs and priorities first. Answering the following three questions can help you surface what those are:

  • Why do we need better security? What are we most worried about?
    Is it suffering a data breach? Getting hit with ransomware? By asking this question, you can develop clarity around what it is you’re hoping to get out of a new security solution in the first place.
  • What will the fallout look like if our worries come true?
    Next, try to prioritize your concerns in terms of the potential damage they may cause. Will they result in measurable costs such as downtime, service fees, or fines? Will your company lose business or suffer a hit reputation-wise? Will you or others be in danger of losing your job?
  • Why aren’t we sufficiently protected from these concerns already?
    Now that your list of concerns is prioritized, take a step back and think about where your current security coverage is coming up short. Asking this question will help you uncover your gaps and develop specific goals around what you want a new solution to accomplish. 

Not only will arming yourself with this list of goals help you narrow down your search, it will also help you keep conversations with vendors centered squarely around your problem rather than solely the answers they're selling. Remember, the point is to home in on the kinds of tools that are going to help not just anyone, but you, specifically.

Mistake #2: Focusing on features instead of use cases (and whether they directly apply to you) 

Lesson from Ron: Make sure you can fully utilize the features you're paying for (I mean, really, do you even have that much gum?). 


When you’re researching products or talking with vendors, it can be easy to get a little too focused on the features being offered and lose sight of whether or not those features a) actually address your primary problem and b) are things you can actually utilize and manage with the time, staff, and resources you have at your disposal.

Every product has a "sweet spot" in terms of the conditions it works best in. As a potential customer, it's your job to find out what that is. Some vendors are going to be more up front about it than others. For example, many security solutions (especially detection and response tools — more on those later) require considerable in-house expertise and dedicated personnel to manage, but that may not be immediately clear on a vendor's website.

Also keep in mind that whenever security vendors talk about their products they tend to highlight examples and situations where the conditions were just right for their product to work best. If those conditions match your own situation, great! Otherwise, you're going to want to ask for examples of what implementation has looked like for organizations that are more similar to yours. 

Questions to ask:

  • How have other companies your size or in your industry effectively deployed the solution?
  • Did they have dedicated staff to install and manage it?
  • If so, what kind of experience or training did they need to do so effectively?
  • What did their day-to-day look like as they were getting the solution up and running, and what does it look like now that they’re (presumably) seeing results?

The answers should give you a more realistic idea of what you can expect, what’s required, and whether or not managing a particular solution is actually feasible. 

Mistake #3: Not insisting on trying before you buy

Lesson from Ron: You should really take the time to put a new product through the paces.

You can research all the options, read Gartner reports and peer reviews, even sit through demos, but the truth is you won’t really know what it’s like to use and integrate a solution until you try it out in the real world.

If you work for a larger organization, an evaluation period may be baked into your buying process already, but if that’s not the case, it’s important to leverage any free trial period (which more and more vendors are offering) to take the product out for a spin, try to break it, and see how it operates in your specific conditions.

To make sure you’re taking full advantage of any free trial, download the Trial To-Do Checklist that’s part of our Endpoint Security Buyer’s Guide.

Mistake #4: Assuming new software will integrate well with your existing solutions, systems, and workflows

Lesson from Ron: If a new product actually makes a task more complicated it may not be worth it. 

Another argument for trying products before you buy is making sure a product not only does what it says it's going to do, but also plays nice with your other applications. At a baseline, you want to make sure fixing one problem isn't causing others — adding too much complexity, crashing other programs, reporting a lot of false positives, introducing compatibility issues, flooding other systems with too much or problematic data, etc.

Beyond that, you also want to confirm the new software integrates well within your current security stack, especially if that's a key selling point. 

Example: Will a new endpoint solution work well alongside your existing antivirus, or will it require you to rip and replace it? Will it generate data you can feed into downstream detection and response tools like a SIEM? The answers to these questions should inform the types of tests you conduct during a trial. 

Mistake #5: Investing in detection and response tools before you have prevention covered

Lesson from Ron: More is only better if it's more of the right thing.

As confidence in the capability of antivirus to detect new and advanced malware continues to slip (86% of professionals plan to replace or augment their existing antivirus products), companies are being left with the understanding that they need to do more, but with little clarity around what exactly that "more" should be.

The answer an increasing number of security vendors are jumping to is that "more" should mean gathering more data in the form of monitoring and detection tools. Since antivirus isn't working and you're bound to be infected at some point, the thinking goes, you shouldn't worry so much about trying to prevent attacks and should focus on detecting and responding to them instead.

The biggest problem with that approach is that it's reactive. Once malware has landed and executed on a machine, it can begin spreading and causing damage almost immediately (ransomware is a perfect example — it only needs minutes or seconds to encrypt a sizable chunk of files). That means waiting to respond to attacks until after they've been initiated can push up your costs. The old adage "an ounce of prevention is worth a pound of cure" is still very much true.

As Barkly co-founder and CTO Jack Danahy puts it, "Monitoring and response are vital, but lumping them together under the term 'protection' is like saying hospitals are a form of protection against breaking your leg or catching the flu." Many of us would agree getting a flu shot is far preferable (and more cost effective) to getting sick and having to take off work and get treatment after the fact.

It's easy for buying new security to become overly complicated and time consuming. Learn how to streamline the process by downloading our new Buyer's Guide below.

Photo by Mike Poresky

Jonathan Crowe

Jonathan covers the latest threats and cybersecurity trends from a practical perspective.

